Our prior podcast episodes detailed how China, Russia, and to a lesser extent India have created barriers to the free flow of personal information across borders. Data localization, sometimes called data nationalization, is the practice of governments to restrict or regulate closely how personal information of their citizens can be collected or shared outside a country.
This podcast episode looks at how Australia, a free-market country, is handling personal data transfers. Australia has no broad data localization requirements. But it restricts the export of medical information about its residents. Electronic health records with personally identifiable information cannot be transferred or processed outside Australia.
Australia's Privacy Act, an early national data privacy law (1988), is comprehensive and different from GDPR. Collecting personal information is possible only if "reasonably necessary," so does not require express consent. But Australia is protective of its citizens' privacy interests. A 2021 order of Australia's regulator against Clearview ordered it to cease collection of facial biometrics and destroy existing images of Australian citizens. Clearview argued with no success that the images were publicly available (and so did not constitute personally protected data) and that Clearview is a U.S. company with no establishment in Australia.
If a free-market oriented country like Australia engages in data localization and the extraterritorial reach of its laws, what does this mean for the internet, global data business, and the privacy of people? Tune into this discussion in our fourth episode about data localization.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
